Jump to content

[Guide] Disable Data Collection in Windows 10


ptd163

Recommended Posts

Nothing seems to break when the firewall blocks these connections to spynet2.microsoft.com and spynetalt.microsoft.com...

In reality, it's just a typo: it should be "skynet", not "spynet"... however, since it didn't emerge spontaneously, but instead was created by NuMS, it's in fact superdumb, and unable to spell correctly! :whistle:

Link to comment
Share on other sites

  • 2 weeks later...

A while ago I noticed mrt.exe connecting to "Spynet" on a daily basis, always during maintenance.

After a bit of research (Google to be honest) I found the reason.

 

 

Recent releases of the MSRT collect and report details about the state of real-time antimalware software on the computer, if the computer’s administrator has chosen to opt in to provide data to Microsoft. This telemetry makes it possible to analyze security software usage patterns around the world and correlate them with infection rates.

 

To disable that "feature" set the following registry key:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT

 

Entry name: DontReportInfectionInformation

Type: REG_DWORD

Value data: 1

 

It stopped the connection attempts on my computer.

 

theevileagle

Link to comment
Share on other sites

  • 1 month later...

If i added those IPs to the host file will it disable windows updates?

 

Short answer:  No.  Windows Update uses its own methods to determine what servers to contact.

 

But an even better answer is:  Try it for yourself.  Keep good notes on what you do, save original files, that sort of thing.  The knowledge gained from the experience of seeing how things work is invaluable.

 

Use O&O ShutUp10 and W10Privacy and you'll get 99.44% of the way there without hacking files.

 

Use a deny-by-default firewall setup to go that extra 0.56%.

 

-Noel

Link to comment
Share on other sites

Thanks a lot for explaining it, I've been using "DWS Lite" for a while, But i realized that i haven't received any updates for a long time, So i looked into it, and found out that it was blocking windows update servers/ips and thats why i wasn't able to receive any updates, So i wanted to know whether i'd get a similar result or not.

Link to comment
Share on other sites

I should add that I answered the way I did because I had a lot of those entries in a hosts file for quite a while and didn't have any problems updating a Windows 8.1 system.  It's possible it will be different - though I doubt it - on a Win 10 system.

 

-Noel

Link to comment
Share on other sites

I have nothing against DWS_Lite - it's just that I've never tried it so far.

 

In my experience, all these tools bring something unique to the party.  I'll be sure and try DWS_Lite and see whether there's some settings the other two haven't dealt with.

 

Thanks for the tip!

 

-Noel

 

 

 

Edit:  Tried running the "final version" of DWS_Lite from wzor.net, and the first thing my system did was try to contact a couple of sites I'd not seen my system access before, and it put up an error message ([ERROR] Error get icon). 

 

Not exactly a glowing first impression from an "anti-spying" software package.

 

I'll continue looking it over.

 

 

Edit 2:  I see that earlier in this thread MaxXPSoft mentioned DWS_Lite.  I noticed it at the time but completely forgot about it after.

 

I made a VM snapshot and started working through the "Utilities"...

 

  • I unchecked the "Add spy domains to hosts file, and block in Windows Firewall" setting and skipped the "Open and edit HOSTS file" button, as I already have my hosts file and firewall setups in good order.
     
  • For "Delete all windows 10 metro apps"...  LOL, since I've already pried all Metro/Modern/Universal Apps out, it said "Press OK and wait 15 minutes", but the operation took exactly 4 seconds to complete.
     
  • Having already removed OneDrive, I did the "Delete One Drive" function anyway, and it completed quickly, though interestingly the onedrivesetup.exe application tried to call the mothership (ssw.live.com, 207.46.7.252 port 80).
     
  • I have already disabled UAC so I skipped "Disable UAC", which was grayed-out anyway.  It's good to see that others think this is important.
      
  • I have already disabled the Windows Update service to support my "user always in control" goals, so I skipped "Disable Windows Update".
     
  • I don't have (and don't plan to get) Office 2016, but I figured I'd try the "Disable Office 2016 Telemetry" feature.  The warning "Office 2016 may stop working after these actions" came up, which I smiled at (thinking, "that's not a bug, that's a feature!").  But I never found any msosync.exe on my VM (which is not surprising, since I haven't installed Office there) so I guess it's just a non-applicable feature. 
     
  • I have no idea why there's a "Fix screen rotate" feature, but I don't have any problem with any kind of screen rotation, so I'm going to avoid that.

Noted unwanted side effects: 

 

The Settings App was completely removed, even though it's not listed in the list of Apps to be removed.  That makes little sense, since Settings is actually needed in Windows 10 for a few things.  This single issue caused me to revert to my pre-DWS snapshot and end the testing.

 

I'll try again some time when I have more time.

Edited by NoelC
Link to comment
Share on other sites

DWS C# https://github.com/Nummer/Destroy-Windows-10-Spying

running in debug it didn't try going out

 

O&O has a few settings W10Privacy don't but don't uninstall apps

Spybot Anti Beacon same

W10Privacy is far more advanced uninstall both user and System apps so I switched to it. Saves time cause all you have left is Cortana/Edge and mop up

Link to comment
Share on other sites

  • 4 months later...
On 11/01/2016 at 11:31 AM, maxXPsoft said:

DWS C# https://github.com/Nummer/Destroy-Windows-10-Spying

running in debug it didn't try going out

O&O has a few settings W10Privacy don't but don't uninstall apps

Spybot Anti Beacon same

W10Privacy is far more advanced uninstall both user and System apps so I switched to it. Saves time cause all you have left is Cortana/Edge and mop up

I grabbed W10 Privacy and let it have a play and it seemed fairly ok to me.

Ideally I'd still like to do all these tasks off a long list, with sub-articles for each change explaining the logic/impacts and how they work. In an ideal world we'd all use this method, learn something along the way, and know what is really happening, and guarantee spyware free.

This site was good for Win7 hardening, the Win10 one is also interesting beyond just quieting Win10 down. A lot of what adds protection also protects you from MS. Also the more you're protected generally the less you need worry about Win10 'updates' to 'save you' from hax0rs.

http://hardenwindows10forsecurity.com/

Also mentioning github projects it reminds me of this thread I read the other day. OK perhaps a bit tin foil hat, but github is about as vanilla as a raspberry ripple chocolate chip lemon ice cream. If you're already donning a bit of tin foil hat because of Win10 being spyware, then github downloads don't guarantee you're getting something whiter than white.

I'm certainly going to look a bit more closely at these releases and double/triple check downloads from numerous places, check all the hashes and familiarise myself with the code a bit before just blindly using them. The possibility for big CDNs to just swizzle around data/hashes on these websites is all too reasonable to not ignore as a vector for undermining these tools (load pages without scripts, using a VPN, and check the URL, then reload via other means, check hashes remain constant etc)

As they say "Trust, but verify"

https://voat.co/v/programming/1439646

Edited by ProfessorUltraviolet
Link to comment
Share on other sites

  • 3 weeks later...

FYI, Sphinx Firewall version 8.1 is released.

This one uses a quite innovative name-based configuration process, which turns hard work into a breeze to keep up to date.

I've been using all the betas and now the released version on all my systems, and if you're looking for serious firewall sophistication I highly recommend it.

-Noel

Link to comment
Share on other sites

  • 11 months later...

if anyone wants my registry files that disable nearly every windows log / trace but keep eventlog running with the bare minimum of logging;

Application, Security, System, CBS, DISM, Windows Update, Setup etc

just ask.

 

i have powershell scripts that take ownership of the registry keys first so you can apply the tweaks. sets all unneeded logs / traces to 0 = disabled plus sets the max file size to minimum (1mb)

 

Untitled2.jpg

Untitled3.jpg

performance monitor just lists the tracing that's disabled on my system, event viewer has a massive list of extra logs under applications and services logs > microsoft > windows

too many to list there.

Edited by RanCorX2
Link to comment
Share on other sites

  • 10 months later...

@RanCorX2,

I know this thread is ancient. But would it be possible for you to post your reg files and powershell scripts?

I just got a new laptop with a lot of bloatware...so I want to make a fresh/clean windows 10 install.

Your files and scripts and other usefull info found on here could save me a lot of time configuring;-)

Thanks in advance.

 

Link to comment
Share on other sites

  • 1 month later...

Found this, if anyone wants to check it out:

Quote

Want to get a trace of all telemetry being collected in Win 10 and have it be automagically parsed out beautifully for you? Run this, let it hang, and press CTRL-C when you're done:

tracerpt -rt "Diagtrack-Listener" -o telemetry.evtx -of EVTX

Ref: https://twitter.com/mattifestation/status/1063141786779115520

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...